Blog Archives

People have become more and more obsessed with status updates; whether it’s on Twitter or Facebook, people are all about letting others in on where they’re going and exactly what they’re doing. Programs like Foursquare let users check into different locations and find friends who may be in the same location. The more you visit certain spots, the higher you move up in the ranking, unlocking badges and points and eventually reaching “mayor” status. The more these types of apps take off, the more security concerns they raise.

A new scheme is hitting Facebook, trying to trick its users into searching for virus-infected websites, and ultimately downloading the virus by choice. It works like this: while you’re surfing Facebook, you get a notification saying that you have been infected by an “unNamed App” and that it is an internal spybot. In reality there is nothing wrong with your account, but the hacker expects that you will immediately go to Google and search for this “unNamed App.”

“A normal user will go to a search engine to find out what this is about… and then he will find that there is a nice BlackHat SEO attack that makes the 1st and 2nd results to lead to a malicious website that forces you to install a rogueware application,” reports PandaLabs research lead Luis Corrons.

The hacker’s website will usually rank somewhere near the top of the search engine results, and when you click through to the website, it will try to force you to download the virus. This shows just how tricky hackers have become. Facebook already knows about this scam and is actively warning its users about it, telling them to “Be wary of any sites that claim to be able to fix this, as they might contain malicious software.” To avoid falling victim to these types of scams, be careful what you click on.

A new scam has hit popular social networking websites like Facebook. Hackers steal people’s user-names and passwords by using complex software or by “phishing” (sending links to fake websites masquerading as trusted ones, which ask for and collect login and password information) and then use their identities to make money. The hackers will usually ask friends to send them money, promote products for their own gain, or just cause trouble for the user.

Twitter users are also vulnerable to this scam. After getting your login information, a hacker will offer your followers a link to a $500 Victoria’s Secret gift card or encourage them to click on a link to get 100 followers. Even celebrities have been hit with this scam, including CNN’s Rick Sanchez, Britney Spears and Barack Obama, who unknowingly asked his followers to take a survey in January and possibly win $500 in free gas.

Instead of stealing our financial records, the hackers are stealing our actual identity by pretending to be us on social networks and misusing the trust people have in us. It’s identity theft in the purest sense of the term.

“It’s not the pseudo-identity that is our financial records. It’s actual identity,” says Mark Federman, a researcher at the University of Toronto.

This is exactly what happened to Bryan Rutberg. He was reading a book in his Seattle home one night when his Facebook status mysteriously changed to “Bryan Rutberg IS IN URGENT NEED OF HELP!!!”. While Bryan was trying to get back into his account, the hacker sent out messages to his friends as they came online, saying that he was robbed at gunpoint in London and was in desperate need of money to get home. Most of Rutberg’s friends were suspicious of this call for help and refused to send money, but one took the bait and wired the impostor $1,200.

“Literally dozens of people I had connected with on Facebook, some of whom I had no way of connecting with other than via Facebook, friends from high school, college, grad school, old jobs, were being solicited by the person who had hacked my page trying to get money from them” said Bryan Rutberg.

Bryan isn’t sure how the hacker got his account information, but he suspects that it was a fake link that he clicked, which is also known as phishing. Due to the rise in these types of scams on social networking sites, Facebook now has a list of frequently asked questions about money scams, phishing, and fake messages to keep users protected, and even offers steps to take if you suspect you’re the target of one of these scams.

Since Facebook released their privacy changes last week, the reception to the new changes has been overwhelmingly positive. This is in high contrast to some of Facebook’s previous changes to the system, like their controversial Beacon feature which broadcasted information about a user’s activities on the web. This feature was very quickly removed and it resulted in a whopping $9.5 million settlement for some lucky Facebook members.

This time around Facebook was much more careful before they went ahead and implemented any radical new changes pertaining to users’ privacy. Facebook started testing out the changes as far back as June, when they announced a limited beta release which involved more than 1 million testers. Additionally, the company even took the extra steps to consult advocacy groups and offered them in-advance briefings through a non-disclosure agreement.

At the University of Wisconsin at La Crosse, a 19-year-old freshman named Adam Bauer made the simple mistake of adding someone he did not know as a friend on Facebook. The mistake ended up costing Bauer $227 in fines for underage drinking.

Bauer believes that by accepting this new friend on Facebook he made himself susceptible to police, who troll Facebook looking for incriminating photos.

Bauer states that he was invited down to the La Crosse police station where he was shown pictures of himself drinking. The pictures came directly from his Facebook page.

He was among at least eight people from La Crosse who have been cited for underage drinking based on photos on social networking sites. “I just can’t believe it. I feel like I’m in a science fiction movie, like they are always watching. When does it end?” Bauer said after court Wednesday.

“Law enforcement has to evolve with technology,” said La Crosse police officer Al Iverson. “It has to happen. It is a necessity - not just for underage drinking.” He also added that social networking sites are being used to catch sexual predators as well.

Bauer’s friend, 20-year-old UW-L sophomore Tyrell Luebker, who was also tagged for underage drinking based on Facebook photos, said, “I feel like it is shady police work and a waste of taxpayer money to have him (an officer) sit on the computer on Facebook when he could actually be doing police work.”

Iverson simply pointed out that the teens were still guilty of an illegal act. By posting pictures of themselves drinking on Facebook they are promoting binge and underage drinking.

The more popular Facebook becomes, the more dangerous it becomes to use. As if you didn’t already have to be wary of Facebook’s emails, now a worm is spreading via Facebook users’ walls. According to anti-virus maker AVG, the worm spreads when users click on a provocative photo that is being placed on infected users’ walls. By clicking on that image, users are then opening themselves up to attack.

Below is an explanation of how this nasty worm works according to one of AVG’s bloggers:

“For those unfamiliar with Facebook (is there anyone other than me in that set?) the thumbnail of the worm’s infective page is a link to the page. The worm’s objective, of course, is that others viewing the victim’s wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim’s wall, and so on…
This worm uses what is technically known as a CSRF (Cross-site Request Forgery, also called XSRF) attack. A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook “as if” the victim had submitted a URL for a wall post and clicked on the “Share” button to confirm the post.”
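
A server-side check that defeats the forged form submission described in the quote above, as an added example (not code from AVG or Facebook). The origin `https://social.example`, the request dictionary layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)        # per-process secret (constructed)
TRUSTED_ORIGIN = "https://social.example"   # hypothetical site origin


def issue_csrf_token(session_id):
    """Token the site embeds in every form it renders for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def accept_wall_post(request):
    """Return (allowed, reason) for a state-changing wall-post request.

    `request` is a constructed stand-in for a parsed HTTP request with the
    keys "method", "headers", "cookies" and "form".
    """
    if request["method"] != "POST":
        return False, "state change must be POST"
    session_id = request["cookies"].get("session")
    if not session_id:
        return False, "not logged in"
    # The browser attaches the session cookie to cross-site requests too, so
    # the cookie alone says nothing about which page built the form.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False, "cross-origin submission"
    # A page on another origin cannot read the token out of the site's HTML.
    supplied = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo():
    """Run three constructed requests: one genuine, two forged."""
    cookies = {"session": "sess-constructed-123"}
    token = issue_csrf_token(cookies["session"])
    post = {"url": "https://photos.example/pic"}
    genuine = {"method": "POST", "headers": {"Origin": TRUSTED_ORIGIN},
               "cookies": cookies, "form": dict(post, csrf_token=token)}
    iframe = {"method": "POST", "headers": {"Origin": "https://exploit.example"},
              "cookies": cookies, "form": post}
    no_origin = {"method": "POST", "headers": {}, "cookies": cookies, "form": post}
    return {name: accept_wall_post(req) for name, req in
            [("genuine", genuine), ("iframe", iframe), ("no_origin", no_origin)]}
```

Both forged requests carry the victim's valid session cookie, which is why the cookie alone cannot authorise the post.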

We’ve seen many a lawsuit involving Facebook. With everything from criminals getting arrested for updating their Facebook status during a robbery, to someone being arrested for a harmless “poke.” On a brighter note, one New York teen was able to use a Facebook status update to provide an alibi and actually keep himself out of jail.

One night, Rodney Bradford, a 19-year-old from Harlem, was online updating his Facebook status. The next night he was taken into custody under suspicion of robbery. Claiming his innocence, Bradford’s defense attorney admitted Bradford’s Facebook status update as his alibi. The judge subpoenaed Facebook company records and was able to verify that the update occurred at 11:49 am from Bradford’s father’s home. The robbery, on the other hand, occurred at 11:50 am. This was enough evidence to convince the court that Bradford’s alibi was indeed legitimate, and he was cleared of all charges.

However, not everyone is pleased with the results of the case. Joseph Pollini, a law professor at John Jay College, stated, “With a user name and password, anyone can input data in a Facebook page. Some of the brightest people on the Internet are teenagers,” he said. “They know the Internet better than a lot of people. Why? Because they use it all the time.” Reuland admits that this is possible but disagrees that it is likely, stating “This implies a level of criminal genius that you would not expect from a young boy like this; he is not Dr. Evil.”

One thing is for certain: this ruling can set legal precedent for a slew of other cases to come. John Browning, a lawyer and member of the Dallas Bar Association who studies social networking and the law, stated, “This is the first case that I’m aware of in which a Facebook update has been used as alibi evidence. We are going to see more of that because of how prevalent social networking has become.” Whether or not a Facebook status should be admissible in a court of law is not for me to say, but I’m eager to see what other cases can come out of this one.

There has been a lot of controversy regarding Facebook’s ever-evolving privacy policies, but it turns out that some of Facebook’s legal actions can actually benefit everyone. Facebook and Microsoft have both been actively fighting and prosecuting some of the Internet’s worst spammers. This week Facebook won $711 million in damages from Sanford Wallace after a U.S. District Court Judge ruled that Wallace had violated the U.S. CAN-SPAM Act. The U.S. CAN-SPAM Act sets national standards for the sending of commercial e-mail and requires the Federal Trade Commission to enforce its provisions.

Sam O’Rourke, associate general counsel at Facebook, says “If someone perpetrates a spam campaign that we feel is any way significant to our users, then we’ll go after them.” Meanwhile, just last month Microsoft filed a total of five suits against spammers using “malvertisement,” online ads that serve up malware to users’ computers.

These cases are one of the few situations where a big corporation getting involved helps benefit the average user. Patrick Peterson of Cisco says that the legal recourse being pursued by Microsoft and Facebook is good for everyone. “It is great for everyone,” he says. “In many cases people aren’t willing to go through the tremendous expense and distraction of prosecuting somebody.”

According to Patrick, you shouldn’t assume that these companies are pursuing these lawsuits as a source of revenue. Facebook and Microsoft usually never end up collecting real money for these cases; instead they spend hundreds of thousands of dollars on legal fees for these lawsuits. Their ultimate goal behind these cases is just to halt spammers and set precedents to stop future spammers. “The next guy who thinks about doing this will think twice,” Peterson says.

Sanford Wallace, an Internet marketer who is notoriously known as the “Spam King” for sending out as many as 30 million junk e-mails a day in the 1990’s, was found guilty in court for spamming Facebook and now has to pay them $711 million in damages. He is charged with hacking into users’ accounts and sending out phony messages and posts trying to make money from the users (which apparently he made tons of, and it’s not the first time).

In May, 2008, he did the same thing with MySpace, in which case he was also caught and forced to pay the social media site $230 million. And once again before that, $4 million for running an operation that spread a spyware virus.

Aside from having to pay such a huge amount of money, again, Wallace might also face jail time since the government is cracking down on cyber crime and Internet fraud.
(Via HuffingtonPost)